Google shutting down an active counterterrorism operation (2020)

Date	The first attacks were discovered in February 2020, the second wave of attack is dated October 2020.^[1]
Suspected actor	Western government operatives^[2]
Target	Devices using iOS, Android and Windows software.^[1] ^[3]
Target systems	Even though the Project Zero team omitted the information who was being targeted,^[2] it can be concluded that in general the systems were targeted through browsers - Safari, Chrome, Samsung Browser.^[1]
Method	The “threat actor” conducted an attack in which he was luring the users of the browsers in through a never-before-seen “watering hole website” that would attempt to infect some devices using a mixture of three zero-day and other “n-day” (already publicly known) vulnerabilities.^[3] The website was pointing to two exploit servers that hosted exploit chains for Android, Windows, and iOS devices.^[1]
Purpose	According to the findings by the MIT Technological Review, the attacks were part of a counter-terrorism operations.^[2]
Result	After nine months of a hacking operation, Google’s security teams exposed it. Moreover, since the “expert” hacking group exploited 11 powerful vulnerabilities, Project Zero consider this operation as a big success.^[1] On the other hand, when MIT revealed that the “expert” hacking group were actually Western government operatives actively conducting a counterterrorism operation, it raised the question if the disclosure of such operation is appropriate.^[4]
Aftermath	The main issue of the operation was the speed and level of the expertise of attacks. Moreover, the fact that so many vulnerabilities were discovered that quickly is still troublesome, as other skilled hackers might have found and exploited them. According to the BGR “the silver lining of these revelations is that Western spies were targeting specific groups of people, which means most Android, iPhone, and Windows users shouldn’t be impacted.”^[5]
Analysed in	Scenario 07: Leak of State-developed hacking tools Scenario 11: Sale of surveillance tools in defiance of international sanctions

Collected by: Anna Blechová

↑ ^1.0 ^1.1 ^1.2 ^1.3 ^1.4 Project Zero, In-the-Wild Series: October 2020 0-day discovery , (18 March 2021)
↑ ^2.0 ^2.1 ^2.2 Patrick Howell O’Neill, Google’s unusual move to shut down an active counterterrorism operation being conducted by a Western democracy , (March 26, 2021), MIT Technological Review
↑ ^3.0 ^3.1 Lewis Page, Google’s Project Zero shuts down Western counter-terrorist hacker team , (29 May 2021), Verdict
↑ Lily Hay Newman, Security News This Week: Prolific Hackers Hosed by Google Were a Counterterrorism Operation , (27 March 2021), Wired
↑ Chris Smith, A Massive hack that Google thwarted was actually a counterterrorism operation, (28 March 2021), BGR

[:0-1] 1.0 ^1.1 ^1.2 ^1.3 ^1.4 Project Zero, In-the-Wild Series: October 2020 0-day discovery , (18 March 2021)

[:1-2] 2.0 ^2.1 ^2.2 Patrick Howell O’Neill, Google’s unusual move to shut down an active counterterrorism operation being conducted by a Western democracy , (March 26, 2021), MIT Technological Review

[:2-3] 3.0 ^3.1 Lewis Page, Google’s Project Zero shuts down Western counter-terrorist hacker team , (29 May 2021), Verdict

[4] Lily Hay Newman, Security News This Week: Prolific Hackers Hosed by Google Were a Counterterrorism Operation , (27 March 2021), Wired

[5] Chris Smith, A Massive hack that Google thwarted was actually a counterterrorism operation, (28 March 2021), BGR

[1]

[2]

[3]

[4]

[5]

Google shutting down an active counterterrorism operation (2020)

Navigation menu

Search